Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

No sound and curser jumping all over the page.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

No sound and curser jumping all over the page.

Unread postby shekha » July 14th, 2010, 1:25 pm

Hello i can't seem to get audio after reinstall of win XP and i have tried everything. Also the N curser won't keep still long enough to read a web page. Wondering if this could be some kind of virus or malware.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:19 PM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

--
End of file - 6412 bytes

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control
Belarc Advisor 8.1
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Photo AIO Printer 942
Dell ResourceCD
Digital Line Detect
Driver Detective
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Mozilla Firefox (3.6.6)
MSN Toolbar
MSN Toolbar Platform
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
Norton Internet Security
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Imaging Component
Windows Live ID Sign-in Assistant
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Messenger

ThanK you in advance for any help you can give me.
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm
Advertisement
Register to Remove

Re: No sound and curser jumping all over the page.

Unread postby MWR 3 day Mod » July 18th, 2010, 1:45 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 18th, 2010, 10:03 pm

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: No sound and curser jumping all over the page.

Unread postby shekha » July 19th, 2010, 10:17 am

Thank you so much for responding. Here are the scans you requested.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2010 3:21:14 PM
System Uptime: 7/19/2010 9:51:12 AM (1 hours ago)

Motherboard: Dell Inc. | | 0M3918
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 67.246 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&166AB6CD&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&166AB6CD&0&0108
Service: ati2mtag

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01811028&REV_03\3&172E68DD&0&F2
Manufacturer: Analog Devices, Inc.
Name: SoundMAX Integrated Digital Audio
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01811028&REV_03\3&172E68DD&0&F2
Service: smwdm

==== System Restore Points ===================

RP139: 7/16/2010 3:13:41 PM - System Checkpoint
RP140: 7/17/2010 3:19:10 PM - System Checkpoint
RP141: 7/18/2010 4:19:10 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control
Belarc Advisor 8.1
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Media Experience
Dell Photo AIO Printer 942
Dell ResourceCD
Digital Line Detect
Driver Detective
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Mozilla Firefox (3.6.6)
MSN Toolbar
MSN Toolbar Platform
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
Norton Internet Security
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/15/2010 1:31:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/12/2010 9:16:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00132038EFB6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/12/2010 6:05:08 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\usbui.dll could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
7/12/2010 6:05:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\usbuhci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mary Holman at 10:03:59.82 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.73 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Holman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [Google Update] "c:\documents and settings\mary holman\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maryho~1\applic~1\mozilla\firefox\profiles\csdu36fb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\mary holman\application data\mozilla\firefox\profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mary holman\application data\mozilla\firefox\profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\mary holman\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-6-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-6-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-6-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-6-26 116784]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-26 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-15 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20100716.001\IDSXpx86.sys [2010-7-16 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100718.003\NAVENG.SYS [2010-7-18 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100718.003\NAVEX15.SYS [2010-7-18 1362608]
S3 cpuz132;cpuz132;\??\c:\docume~1\maryho~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\maryho~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-07-17 17:40:26 0 d-----w- c:\docume~1\maryho~1\applic~1\Aventail
2010-07-17 11:07:34 0 d-----w- c:\windows\pss
2010-07-15 18:58:56 260352 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-07-15 18:58:55 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-07-15 18:58:55 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2010-07-15 18:58:55 23040 ----a-w- c:\windows\system32\PostProc.dll
2010-07-15 16:57:05 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 16:57:05 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 16:40:10 119798 ----a-w- c:\windows\system32\drivers\SPCA561.SYS
2010-07-15 16:21:50 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 16:21:50 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 16:21:47 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-07-15 16:21:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-07-15 16:21:47 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-07-15 16:21:47 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-07-15 16:21:47 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-07-15 16:21:47 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-07-15 14:06:18 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2010-07-15 03:35:32 0 d-----w- c:\docume~1\maryho~1\applic~1\Tific
2010-07-14 16:56:31 0 d-----w- c:\program files\Trend Micro
2010-07-14 10:03:30 0 d-----w- c:\docume~1\maryho~1\applic~1\Malwarebytes
2010-07-14 10:03:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 10:03:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 10:03:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 10:03:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 00:20:57 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:47:32 1071 ----a-w- c:\windows\AWMODEM.INF
2010-07-12 12:35:29 22 ----a-w- c:\windows\system32\ati64hlp.stb
2010-07-12 12:32:03 22 ----a-w- c:\windows\system32\ati64hl2.stb
2010-07-12 09:58:53 5 ----a-w- c:\windows\system32\drivers\DELL_DIM_4700.MRK
2010-07-12 09:58:53 5 ----a-w- c:\windows\system32\drivers\1028_DELL_DIM_4700.MRK
2010-07-12 09:34:40 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-07-12 09:34:38 0 d-----w- c:\program files\Belarc
2010-07-05 16:09:28 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
2010-07-05 16:09:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-07-05 16:08:31 0 d-----w- c:\program files\PC Drivers HeadQuarters
2010-07-05 15:45:17 40 ----a-w- c:\windows\WinInit.Ini
2010-07-05 15:36:07 0 d-----w- c:\program files\Microsoft
2010-07-05 15:36:03 0 d-----w- c:\program files\MSN Toolbar
2010-07-05 15:35:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Inspector
2010-07-05 15:35:10 0 d-----w- c:\program files\MSN Toolbar Installer
2010-07-02 12:59:13 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-02 11:48:17 0 d-----w- c:\docume~1\maryho~1\applic~1\ElevatedDiagnostics
2010-07-02 00:30:12 0 d-----w- C:\5.12.01.5280
2010-06-28 14:48:27 0 d-----w- c:\program files\Analog Devices
2010-06-28 13:50:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-28 13:50:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 15:59:36 0 d-----w- c:\program files\Jasc Software Inc
2010-06-27 15:59:36 0 d-----w- c:\program files\Dell Computer
2010-06-27 15:57:55 0 d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-06-27 15:57:43 585 ----a-w- c:\windows\dellstat.ini
2010-06-27 15:57:24 143360 ----a-r- c:\windows\system32\dlbucoin.dll
2010-06-27 15:57:24 131072 ----a-r- c:\windows\system32\dlbusnls.dll
2010-06-27 15:57:14 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-27 15:57:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-27 15:57:10 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-27 15:57:10 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-06-27 15:55:33 0 d-----w- c:\program files\Dell Photo AIO Printer 942
2010-06-27 15:55:08 0 d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-06-27 15:52:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Easy Driver Pro
2010-06-27 15:19:54 44 ----a-w- c:\windows\system32\msssc.dll
2010-06-27 15:01:16 0 d-----w- c:\windows\VirtualEar
2010-06-27 15:01:15 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-06-27 15:01:15 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-06-27 14:28:43 456 ------w- c:\windows\system32\pthsp.dat
2010-06-27 14:28:43 0 d-----w- c:\windows\PCTEL
2010-06-27 14:27:03 64512 ------w- c:\windows\system32\agrsmdel.exe
2010-06-27 13:59:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-27 13:59:43 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-27 13:59:43 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-06-27 12:21:46 0 d-----w- c:\windows\SxsCaPendDel
2010-06-27 12:15:07 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb15f261924b3c.mof
2010-06-27 11:35:47 0 d-----w- c:\docume~1\maryho~1\applic~1\SoftGrid Client
2010-06-27 11:31:11 0 d-----w- c:\docume~1\maryho~1\applic~1\TP
2010-06-27 11:18:27 0 d-----w- c:\program files\MSECache
2010-06-26 23:14:29 0 d-----w- c:\program files\Yahoo!
2010-06-26 22:59:11 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-06-26 22:58:47 0 d-----w- c:\program files\ATI Technologies
2010-06-26 22:48:19 618880 ----a-w- c:\windows\system32\drivers\IntelC52.sys
2010-06-26 20:23:02 1902 ------w- c:\windows\system32\SetupBD.din
2010-06-26 20:22:38 5110 ----a-w- c:\windows\system32\e100b325.din
2010-06-26 20:22:38 24064 ----a-w- c:\windows\system32\IntelNic.dll
2010-06-26 20:22:38 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2010-06-26 20:22:38 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-06-26 20:22:38 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2010-06-26 20:22:38 118784 ----a-w- c:\windows\system32\Prounstl.exe
2010-06-26 20:22:38 0 d-----w- C:\drvrtmp
2010-06-26 20:22:14 0 d-----w- c:\windows\RegisteredPackages
2010-06-26 20:21:59 28352 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2010-06-26 20:21:52 149504 ----a-w- c:\windows\UNWISE.EXE
2010-06-26 20:21:42 0 d-----w- c:\program files\MUSICMATCH
2010-06-26 20:21:00 49152 ----a-w- c:\windows\system32\mhwt.dll
2010-06-26 20:21:00 47360 ----a-w- c:\windows\system32\drivers\IntelC53.sys
2010-06-26 20:21:00 36880 ----a-w- c:\windows\system32\drivers\mohfilt.sys
2010-06-26 20:21:00 172032 ----a-w- c:\windows\system32\intelmoh.dll
2010-06-26 20:21:00 1339776 ----a-w- c:\windows\system32\drivers\IntelC51.sys
2010-06-26 20:14:55 53248 ------w- c:\windows\system32\ltremove.exe
2010-06-26 20:14:55 0 d-----w- c:\windows\Options
2010-06-26 20:14:15 24576 ----a-r- c:\windows\system32\cpl_moh.cpl
2010-06-26 20:08:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-06-26 20:08:35 300032 ----a-w- c:\windows\unin040b.exe
2010-06-26 20:07:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-06-26 20:04:54 90112 ----a-w- c:\windows\system32\SET5A.tmp
2010-06-26 19:58:20 0 d-----w- c:\program files\UIU
2010-06-26 19:54:42 0 d-----w- c:\program files\Digital Line Detect
2010-06-26 19:36:49 0 d-----w- c:\program files\Dell
2010-06-26 19:30:03 0 d-----w- c:\program files\CONEXANT
2010-06-26 19:18:13 0 d-sh--w- c:\documents and settings\all users\DRM
2010-06-26 19:17:52 0 d--h--w- c:\program files\WindowsUpdate
2010-06-26 19:17:05 0 d-----w- c:\program files\common files\MSSoap
2010-06-26 19:15:53 0 d-----w- c:\program files\Online Services
2010-06-26 19:15:48 0 d-----w- c:\program files\Messenger
2010-06-26 19:15:45 0 d-----w- c:\program files\MSN Gaming Zone
2010-06-26 19:15:14 0 d-----w- c:\program files\Windows NT
2010-06-26 12:05:14 0 d-----w- c:\program files\common files\ODBC
2010-06-26 12:05:11 0 d-----w- c:\program files\common files\SpeechEngines
2010-06-26 12:04:45 0 d-----r- c:\documents and settings\all users\Documents
2010-06-26 10:07:50 0 d-----w- c:\program files\Symantec
2010-06-26 10:07:50 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-26 10:06:57 0 d-----w- c:\program files\Norton Internet Security
2010-06-26 10:06:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-26 10:06:45 0 d-----w- c:\program files\NortonInstaller
2010-06-26 10:06:45 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-26 09:40:46 0 d-----w- c:\program files\MSXML 6.0

==================== Find3M ====================

2010-06-26 19:16:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-26 10:07:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-26 10:07:50 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-26 10:07:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-26 10:07:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-19 10:13:27
Windows 5.1.2600 Service Pack 3
Running: dhuttrwp.exe; Driver: C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\kxxiaaow.sys


---- System - GMER 1.0.15 ----

SSDT 8247E9A8 ZwAlertResumeThread
SSDT 8247EA68 ZwAlertThread
SSDT 82231EA0 ZwAllocateVirtualMemory
SSDT 82214F70 ZwAssignProcessToJobObject
SSDT 82376250 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEF8EB210]
SSDT 822D2B18 ZwCreateMutant
SSDT 821E86D8 ZwCreateSymbolicLinkObject
SSDT 822402C0 ZwCreateThread
SSDT 821D0588 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEF8EB490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEF8EB9F0]
SSDT 822E8490 ZwDuplicateObject
SSDT 8236F778 ZwFreeVirtualMemory
SSDT 823799B8 ZwImpersonateAnonymousToken
SSDT 82379A98 ZwImpersonateThread
SSDT 822D06C8 ZwLoadDriver
SSDT 821EC2C0 ZwMapViewOfSection
SSDT 822D2A38 ZwOpenEvent
SSDT 821DF520 ZwOpenProcess
SSDT 82231F90 ZwOpenProcessToken
SSDT 822E2B70 ZwOpenSection
SSDT 822E8580 ZwOpenThread
SSDT 82214E80 ZwProtectVirtualMemory
SSDT 822D2F28 ZwResumeThread
SSDT 821DE790 ZwSetContextThread
SSDT 821DE870 ZwSetInformationProcess
SSDT 821D0668 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEF8EBC40]
SSDT 822E2C50 ZwSuspendProcess
SSDT 823ECAF0 ZwSuspendThread
SSDT 821D7A98 ZwTerminateProcess
SSDT 823ECBD0 ZwTerminateThread
SSDT 82362EA0 ZwUnmapViewOfSection
SSDT 8236F868 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 239C 80501BD4 8 Bytes JMP 6AB89E20
.text ntkrnlpa.exe!ZwCallbackReturn + 26FC 80501F34 4 Bytes CALL 9DE4A156
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

============= FINISH: 10:04:44.50 ===============
Thank you again
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 19th, 2010, 11:25 am

Hi

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Java 2 Runtime Environment, SE v1.4.2_03

If some programs listed are not present, please do not panic

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: No sound and curser jumping all over the page.

Unread postby shekha » July 20th, 2010, 4:17 pm

Results of ComboFix

ComboFix 10-07-20.01 - Mary Holman 07/20/2010 15:55:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.120 [GMT -4:00]
Running from: c:\documents and settings\Mary Holman\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-18 15:11 . 2010-06-30 04:13 52224 ----a-w- c:\documents and settings\Mary Holman\Application Data\Mozilla\Firefox\Profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-07-18 15:11 . 2010-06-30 04:13 101376 ----a-w- c:\documents and settings\Mary Holman\Application Data\Mozilla\Firefox\Profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-07-17 17:40 . 2010-07-17 17:40 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\Aventail
2010-07-15 18:58 . 2005-01-27 19:31 260352 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-07-15 18:58 . 2004-10-05 20:10 23040 ----a-w- c:\windows\system32\PostProc.dll
2010-07-15 18:58 . 2004-09-17 13:02 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2010-07-15 18:58 . 2001-09-19 16:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-07-15 16:57 . 2008-04-13 15:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 16:57 . 2008-04-13 15:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 16:56 . 2008-04-13 15:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-07-15 16:56 . 2008-04-13 15:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-07-15 16:56 . 2008-04-13 15:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-07-15 16:56 . 2008-04-13 15:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-07-15 16:56 . 2008-04-13 15:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-07-15 16:56 . 2008-04-13 15:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-07-15 16:56 . 2008-04-13 15:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-15 16:56 . 2008-04-13 15:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-07-15 16:56 . 2008-04-13 15:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-15 16:56 . 2008-04-13 15:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-07-15 16:56 . 2008-04-13 15:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-07-15 16:56 . 2008-04-13 15:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-07-15 16:40 . 2010-07-15 16:40 119798 ----a-w- c:\windows\system32\drivers\SPCA561.SYS
2010-07-15 16:21 . 2008-04-13 21:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 16:21 . 2008-04-13 21:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 14:06 . 2004-09-23 11:55 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2010-07-15 03:50 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-15 03:35 . 2010-07-15 03:35 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\Tific
2010-07-14 16:56 . 2010-07-14 16:56 388096 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-14 16:56 . 2010-07-14 16:56 -------- d-----w- c:\program files\Trend Micro
2010-07-14 13:35 . 2010-07-14 13:35 0 ----a-w- c:\windows\nsreg.dat
2010-07-14 13:35 . 2010-07-14 13:35 -------- d-----w- c:\documents and settings\Mary Holman\Local Settings\Application Data\Mozilla
2010-07-14 10:03 . 2010-07-14 10:03 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\Malwarebytes
2010-07-14 10:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 10:03 . 2010-07-14 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 10:03 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 10:03 . 2010-07-14 10:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 00:20 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:28 . 2010-07-15 12:55 -------- d-----w- c:\windows\system32\FxsTmp
2010-07-13 17:28 . 2004-08-04 12:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-07-13 17:28 . 2004-08-04 12:00 31744 ----a-w- c:\windows\system32\fxsroute.dll
2010-07-13 17:28 . 2004-08-04 12:00 132608 -c--a-w- c:\windows\system32\dllcache\fxsclntr.dll
2010-07-13 17:28 . 2004-08-04 12:00 132608 ----a-w- c:\windows\system32\fxsclntR.dll
2010-07-13 17:28 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\fxssend.exe
2010-07-13 17:28 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\fxssend.exe
2010-07-13 17:28 . 2004-08-04 12:00 111104 -c--a-w- c:\windows\system32\dllcache\fxscfgwz.dll
2010-07-13 17:28 . 2004-08-04 12:00 111104 ----a-w- c:\windows\system32\fxscfgwz.dll
2010-07-12 10:51 . 2010-07-15 15:18 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\AdobeUM
2010-07-12 10:32 . 2010-07-12 10:32 -------- d-----w- c:\documents and settings\Mary Holman\Local Settings\Application Data\Help
2010-07-12 09:34 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-07-12 09:34 . 2010-07-12 09:34 -------- d-----w- c:\program files\Belarc
2010-07-06 14:33 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-07-06 14:33 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-07-06 14:33 . 2004-08-04 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-07-06 14:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-07-06 14:33 . 2004-08-04 12:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-07-06 14:33 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-07-06 14:33 . 2004-08-04 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-07-05 16:09 . 2010-07-05 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-07-05 16:09 . 2010-07-05 16:09 -------- d-----w- c:\documents and settings\Mary Holman\Local Settings\Application Data\PC_Drivers_Headquarters
2010-07-05 16:09 . 2010-07-05 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-05 16:08 . 2010-07-05 16:08 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-07-05 15:36 . 2010-07-05 15:36 -------- d-----w- c:\program files\Microsoft
2010-07-05 15:36 . 2010-07-05 15:36 -------- d-----w- c:\program files\MSN Toolbar
2010-07-05 15:35 . 2010-07-05 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Inspector
2010-07-05 15:35 . 2010-07-05 15:36 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-03 13:44 . 2010-07-03 13:44 -------- d-----w- c:\documents and settings\Mary Holman\Local Settings\Application Data\Adobe
2010-07-03 13:43 . 2010-07-03 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-03 13:43 . 2010-07-03 13:43 -------- d-----w- c:\windows\Sun
2010-07-02 14:43 . 2010-07-02 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 12:59 . 2010-07-02 12:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-02 11:48 . 2010-07-02 11:48 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\ElevatedDiagnostics
2010-07-02 00:30 . 2010-07-02 12:57 -------- d-----w- C:\5.12.01.5280
2010-06-28 14:48 . 2010-07-15 17:42 -------- d-----w- c:\program files\Analog Devices
2010-06-28 13:50 . 2010-06-28 13:50 503808 ----a-w- c:\documents and settings\Mary Holman\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a4a0773-n\msvcp71.dll
2010-06-28 13:50 . 2010-06-28 13:50 499712 ----a-w- c:\documents and settings\Mary Holman\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a4a0773-n\jmc.dll
2010-06-28 13:50 . 2010-06-28 13:50 348160 ----a-w- c:\documents and settings\Mary Holman\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a4a0773-n\msvcr71.dll
2010-06-28 13:50 . 2010-06-28 13:50 61440 ----a-w- c:\documents and settings\Mary Holman\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-488b17dc-n\decora-sse.dll
2010-06-28 13:50 . 2010-06-28 13:50 12800 ----a-w- c:\documents and settings\Mary Holman\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-488b17dc-n\decora-d3d.dll
2010-06-28 13:50 . 2010-06-28 13:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 10:10 . 2010-06-28 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-27 16:01 . 2010-06-27 16:01 49152 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\NewShortcut6_81A349029D0B4920A25C4CDC5D14B328.exe
2010-06-27 16:01 . 2010-06-27 16:01 14278 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\PaintShopPro8_TryAndBuy.exe
2010-06-27 16:01 . 2010-06-27 16:01 57344 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-06-27 16:01 . 2010-06-27 16:01 57344 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-06-27 16:01 . 2010-06-27 16:01 14278 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\ARPPRODUCTICON.exe
2010-06-27 16:00 . 2010-06-27 16:00 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\Jasc Software Inc
2010-06-27 16:00 . 2010-06-27 16:00 4598 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\NewShortcut2.exe
2010-06-27 16:00 . 2010-06-27 16:00 57344 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-06-27 16:00 . 2010-06-27 16:00 57344 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-06-27 16:00 . 2010-06-27 16:00 4598 ----a-r- c:\documents and settings\Mary Holman\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\ARPPRODUCTICON.exe
2010-06-27 15:59 . 2010-06-27 16:00 -------- d-----w- c:\program files\Jasc Software Inc
2010-06-27 15:59 . 2010-06-27 15:59 -------- d-----w- c:\program files\Dell Computer
2010-06-27 15:57 . 2010-06-27 15:58 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-06-27 15:57 . 2004-08-23 14:42 131072 ----a-r- c:\windows\system32\dlbusnls.dll
2010-06-27 15:57 . 2004-08-23 14:40 143360 ----a-r- c:\windows\system32\dlbucoin.dll
2010-06-27 15:57 . 2008-04-13 15:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-27 15:57 . 2008-04-13 15:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-27 15:57 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-27 15:57 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy Driver Pro
2010-06-27 15:01 . 2010-07-15 17:30 -------- d-----w- c:\windows\VirtualEar
2010-06-27 15:01 . 2004-11-19 14:00 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-06-27 15:01 . 2002-04-17 18:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-06-27 14:42 . 2010-07-20 19:32 -------- d-----w- c:\program files\Java
2010-06-27 14:42 . 2010-07-20 19:32 -------- d-----w- c:\program files\Common Files\Java
2010-06-27 14:42 . 2010-06-27 14:42 -------- d-----w- c:\documents and settings\Mary Holman\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2010-06-27 14:28 . 2010-06-27 14:28 -------- d-----w- c:\windows\PCTEL
2010-06-27 14:28 . 2003-06-13 20:42 456 ------w- c:\windows\system32\pthsp.dat
2010-06-27 14:27 . 2003-09-05 19:19 64512 ------w- c:\windows\system32\agrsmdel.exe
2010-06-27 13:59 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-27 13:59 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-27 13:14 . 2010-06-27 13:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-27 12:21 . 2010-06-27 12:23 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-27 11:35 . 2010-06-27 11:35 -------- d-----w- c:\documents and settings\Mary Holman\Local Settings\Application Data\SoftGrid Client
2010-06-27 11:35 . 2010-06-27 12:20 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\SoftGrid Client
2010-06-27 11:34 . 2010-06-27 12:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2010-06-27 11:31 . 2010-07-02 12:53 -------- d-----w- c:\documents and settings\Mary Holman\Application Data\TP
2010-06-27 11:18 . 2010-06-27 11:18 -------- d-----w- c:\program files\MSECache
2010-06-26 23:14 . 2010-06-26 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-26 23:14 . 2010-06-26 23:14 -------- d-----w- c:\program files\Yahoo!
2010-06-26 22:59 . 2006-02-10 01:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-06-26 22:48 . 2006-03-02 03:30 618880 ----a-w- c:\windows\system32\drivers\IntelC52.sys
2010-06-26 20:22 . 2010-07-12 10:44 -------- d-----w- C:\drvrtmp
2010-06-26 20:22 . 2004-02-18 21:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2010-06-26 20:22 . 2004-02-10 19:49 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 15:45 . 2010-06-26 19:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-27 15:57 . 2010-06-27 15:55 -------- d-----w- c:\program files\Dell Photo AIO Printer 942
2010-06-27 15:52 . 2010-06-26 09:44 16992 ----a-w- c:\documents and settings\Mary Holman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-27 15:00 . 2010-06-26 19:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-26 22:59 . 2010-06-26 22:58 -------- d-----w- c:\program files\ATI Technologies
2010-06-26 22:50 . 2010-06-26 19:54 -------- d-----w- c:\program files\Digital Line Detect
2010-06-26 22:49 . 2010-06-26 22:49 99120 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-06-26 22:49 . 2010-06-26 19:18 77915 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-26 22:46 . 2010-06-26 19:30 -------- d-----w- c:\program files\CONEXANT
2010-06-26 20:44 . 2010-06-26 10:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-26 20:21 . 2010-06-26 19:36 -------- d-----w- c:\program files\Dell
2010-06-26 19:59 . 2010-06-26 19:58 -------- d-----w- c:\program files\UIU
2010-06-26 19:37 . 2010-06-26 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-26 19:19 . 2010-06-26 19:19 -------- d-----w- c:\program files\microsoft frontpage
2010-06-26 19:16 . 2010-06-26 19:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-26 10:08 . 2010-06-26 10:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-26 10:08 . 2010-06-26 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-26 10:07 . 2010-06-26 10:07 -------- d-----w- c:\program files\Symantec
2010-06-26 10:07 . 2010-06-26 10:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-26 10:07 . 2010-06-26 10:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-26 10:07 . 2010-06-26 10:07 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-26 10:07 . 2010-06-26 10:07 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-26 10:07 . 2010-06-26 10:06 -------- d-----w- c:\program files\Norton Internet Security
2010-06-26 10:06 . 2010-06-26 10:06 -------- d-----w- c:\program files\Windows Sidebar
2010-06-26 10:06 . 2010-06-26 10:06 -------- d-----w- c:\program files\NortonInstaller
2010-06-26 10:06 . 2010-06-26 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-26 09:42 . 2010-06-26 09:42 -------- d-----w- c:\program files\MSBuild
2010-06-26 09:42 . 2010-06-26 09:42 -------- d-----w- c:\program files\Reference Assemblies
2010-06-26 09:40 . 2010-06-26 09:40 -------- d-----w- c:\program files\MSXML 6.0
2010-06-14 14:31 . 2010-06-26 19:16 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mary Holman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-6-26 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-20 20:24 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/26/2010 4:48 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [6/26/2010 4:48 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/12/2010 7:56 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [6/26/2010 4:48 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [6/26/2010 4:48 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [6/26/2010 4:48 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/15/2010 3:15 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100719.001\IDSXpx86.sys [7/19/2010 8:46 PM 331640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-790525478-839522115-1004Core.job
- c:\documents and settings\Mary Holman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-26 09:23]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-790525478-839522115-1004UA.job
- c:\documents and settings\Mary Holman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-26 09:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Mary Holman\Application Data\Mozilla\Firefox\Profiles\csdu36fb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Mary Holman\Application Data\Mozilla\Firefox\Profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mary Holman\Application Data\Mozilla\Firefox\Profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Mary Holman\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-UIUCU - c:\docume~1\MARYHO~1\LOCALS~1\Temp\UIUCU.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
.
**************************************************************************
.
Completion time: 2010-07-20 16:11:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 20:11

Pre-Run: 72,723,460,096 bytes free
Post-Run: 72,640,073,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6DA34BD5BE9312AD586161CA6174074B
I Will let you know how the computer is running after a few hours of use. Presently it seems a bit faster and so far no jumping curser but i still have no audio.
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 21st, 2010, 5:19 am

Hi

MBRCheck
Dowload MBRCheck by a_d_13 from Here & save it to your desktop.
  • Double click MBRCheck.exe to run it
  • It will open a black window. Please do not fix anything (if it gives you an option)
  • Exit that window & it will produce a log (MBRCheck_date_time)
  • Post the contents of that log in your next reply
Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.

To post in next reply:
MBRCheck log
Kaspsersky Online Scan log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: No sound and curser jumping all over the page.

Unread postby shekha » July 21st, 2010, 8:24 am

Hello,

This is what i get when i try to download MBRCheck by a_d_13.................

403 Forbidden
Access to this resource on the server is denied!
Powered By LiteSpeed Web Server
LiteSpeed Technologies is not responsible for administration and contents of this web site!

Also the Kaspersky Online Scanner will not run. When i go to the site it says computer does not meet the requirements for kapersky Online Scanner. Tried to copy and paste the exact message from Kapersky but for some reason it will not let me copy. And now the page is scrolling on it's own and minimizing and maximizing so fast i can't do anything.

Thank You:
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 21st, 2010, 10:14 am

Hi

Ok, no worries. That link for MBRCheck is down at the moment. Try these:
Link 1
Link 2

Forget the Kaspersky scan & try this one:
ESET Online Scanner
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
To post in next reply:
MBRCheck log
Eset Online Scan log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: No sound and curser jumping all over the page.

Unread postby shekha » July 21st, 2010, 9:07 pm

Hello,

Here are the logs you asked for.

MBRCHECK log:

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected





Done! Press ENTER to exit...


ESET ONLINE SCAN log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5015c3c69385c446a13f2a3b78bcfa5a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-22 12:59:06
# local_time=2010-07-21 08:59:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777190 85 88 2080992 18417215 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=38219
# found=0
# cleaned=0
# scan_time=1566

Thank You
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 22nd, 2010, 3:53 am

Hi

How's the computer running?

View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Click Browse
  • Copy & paste the following File & Path in the text box next to File name: then click Open
    Code: Select all
    c:\windows\system32\Edcrypt.dll
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: No sound and curser jumping all over the page.

Unread postby shekha » July 22nd, 2010, 8:33 am

Hello,
Here is the address you requested.

http://www.virustotal.com/analisis/901f ... 1279801589

Thank You:
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 22nd, 2010, 8:40 am

Hi

No signs of malware from the logs you have provided.

Still problems with the audio?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: No sound and curser jumping all over the page.

Unread postby shekha » July 22nd, 2010, 9:10 am

yes still no audio but i will try reinstalling the drivers now and see if that works. Thank You:
shekha
Active Member
 
Posts: 10
Joined: July 14th, 2010, 1:10 pm

Re: No sound and curser jumping all over the page.

Unread postby jmw3 » July 22nd, 2010, 10:22 am

OK, that was going to be my first suggestion. Let me know how you get on.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
The Gmer.exe file (it will be randomly named .exe file)
TFC.exe
Any logs that may have been saved to your desktop

You can remove the Kaspersky & Eset Online Scanners. This can be done via Add or Remove Programs
You should also remove HijackThis. This also can be done via Add or Remove Programs
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 70 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware